Create public and private autosigned keys of our own Certification Authority ( in the example is valid for 10 years ). We will need to specify certificate data, passworrd to crypt and the process will generate two files:

Apache will be waiting a PEM format, is mandatory convert to this format:

openssl x509 -in requests/server-signed.pem -out requests/server.crt

Apache configuration

Copy server.crt and server.key into /etc/apache2/ssl ( if ssl folder not exists, create it ). Change files grants ( server.key should only be readed by root user, server.crt should have read grant to everybody ):

chmod 400 server.key
chmod 444 server.crt

If apache is not listening ssl port, enable it configuring /etc/apache2/ports.conf:

To create certificates and sign with CA, first create the pair of keys. We will need to specify password and certification data. Will be created a eky ( user.key) and certification request ( user.pem ):